Defense+ and PDF File Behavior Question

Hi, all!

I have an issue. I allowed my roommate to use my computer while I was away earlier today. When I came home, I noticed that the Defense+ log had some activity on it that I have never encountered before. Now, I’m sure when I mention this to the roomie, he’s going to tell me that both of the .pdf files he ran were perfectly safe. So, I’m coming here for a second opinion. :wink:

I have browsed the forum and found that people should expect to receive alerts when they open a .pdf that is located on an external device. I just want to know if there are any out of the ordinary entries in my log.

Thanks for any and all assistance in advance. Your kindness will be much appreciated!

[attachment deleted by admin]

My eye fell on the blocking of the PDF trying to access the spoolserver.

Out of curiosity I opened 39 different PDF docs from my USB stick. They all got sandboxed. Three of them tried to access Device\afd\Endpoint, three of them tried to access the HSUS\bla bla\etc. But none of them tried to access the spool server.

A vulnerability in Spoolserver is a known gateway for the TDSS family of rootkits. CIS protects against this family of rootkits.

In case you just want to be sure, you can run Kaspersky’s TDSS Killer.

In general it is a good idea to have autorun disabled for all devices that hook up to your computer: USB drives, USB sticks, DVDs, etc. That way autorun viruses cannot spread.
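
An added example, not part of either post above: a PowerShell audit of the Windows AutoRun policy that the reply recommends turning off. It assumes the standard `NoDriveTypeAutoRun` policy value under the `Policies\Explorer` key and Microsoft's documented bit meanings for it; none of these names appear in the thread.

```powershell
# Audit which drive types still have AutoRun enabled, per machine and per user.
# Assumption: the standard Explorer policy key and the NoDriveTypeAutoRun bitmask.
$policyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

# A set bit DISABLES AutoRun for that drive type; 0xFF disables it everywhere.
$driveTypeBits = @(
    @{ Bit = 0x01; Name = 'unknown drive types' },
    @{ Bit = 0x04; Name = 'removable drives (USB sticks)' },
    @{ Bit = 0x08; Name = 'fixed drives' },
    @{ Bit = 0x10; Name = 'network drives' },
    @{ Bit = 0x20; Name = 'CD/DVD drives' },
    @{ Bit = 0x40; Name = 'RAM disks' },
    @{ Bit = 0x80; Name = 'unknown drive types (reserved bit)' }
)

function Get-AutoRunExposure {
    # Return the drive types whose "disable" bit is NOT set in the mask.
    param([int]$Mask)
    $driveTypeBits |
        Where-Object { -not ($Mask -band $_.Bit) } |
        ForEach-Object { $_.Name }
}

foreach ($path in $policyPaths) {
    $value = (Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun `
                  -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if ($null -eq $value) {
        '{0}: NoDriveTypeAutoRun is not set, so the Windows default applies' -f $path
        continue
    }
    $enabled = @(Get-AutoRunExposure -Mask $value)
    if ($enabled.Count -eq 0) {
        '{0}: 0x{1:X2}, AutoRun disabled for all drive types' -f $path, $value
    } else {
        '{0}: 0x{1:X2}, AutoRun still enabled for: {2}' -f $path, $value, ($enabled -join ', ')
    }
}

# To disable AutoRun for every drive type machine-wide, run elevated:
# New-Item -Path $policyPaths[0] -Force | Out-Null
# New-ItemProperty -Path $policyPaths[0] -Name NoDriveTypeAutoRun `
#     -PropertyType DWord -Value 0xFF -Force | Out-Null
```

A machine-level (HKLM) value applies to all users; the per-user (HKCU) value matters only when no machine-level value is set.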